Savage, Robert CTR USTRANSCOM J6 wrote:
Thanks very much for the pointer. Now I must ask one last (and very
ignorant) question: Do the following results really say that server.key
doesn't go with server.cert?
$ openssl x509 -noout -text -in server.cert | openssl md5
fc68929f3a1863b9f8870ea38a3c84cc
$ openssl rsa -noout -modulus -in server.key | openssl md5
Enter pass phrase for server.key:
c4f9ce1f4d8291507da0aaa805cab3fd
$ openssl req -noout -modulus -in ../server.csr | openssl md5
c4f9ce1f4d8291507da0aaa805cab3fd
I ask this question because I have several subdirectories each supposedly
containing master copies of the server.cert and server.key files for our
web servers. I've repeated the above sequence in each of those
subdirectories with similar results: the server.key and server.csr files
share common MD5s, but the server.cert file does not.
If they should all have a common md5, then I believe I'll have to replace
all my certificates. Bummer.
My understanding is that, yes, your keys and certificates don't match and
you'll have to replace the certificates. However, I'm by no means an (Open)SSL
expert, so maybe someone who is can offer a more rounded explanation...
Andy
--
Dr Andy Buckley: CEDAR @ IPPP, Durham
Work: www.cedar.ac.uk
www.insectnation.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
